<?php

class LoginController extends Controller {

    var $name = 'login';
    var $uses = array('Users');
    var $components = array('user');

    function index() {
        $this->action = 'login';
        $this->login();
    }

    function login() {
        $this->layout = 'login';
        $login = false;
        $error_notice = null;
        if (!empty($this->referer)) {
            $redirect_url = $this->referer;
        } else {
            $redirect_url = '/dashboard/';
        }

        if (!empty($this->data)) {
            $user_login = $this->data['User']['login'];
            $user_pwd = $this->data['User']['passwd'];

            if (!empty($user_login) && empty($user_pwd)) {
                $error_notice = __('ERROR: The password field is empty.');
            }

            if (empty($user_login)) {
                $error_notice = __('ERROR: The username field is empty.');
            }
            if (empty($error_notice)) {
                $user_login = sanitize_user($user_login);
                if (empty($user_login)) {
                    $error_notice = __('ERROR: Invalid username.');
                    $this->data['User']['passwd'] = null;
                } else {
                    $user_password = $this->Users->field('password', "username='$user_login' AND status='1'");
                    if (empty($user_password)) {
                        $error_notice = __('ERROR: Invalid username.');
                        $this->data['User']['passwd'] = null;
                    } else {
                        $user_pwd = md5($user_pwd);
                        if ($user_password != $user_pwd) {
                            $error_notice = __('ERROR: Incorrect password.');
                            $this->data['User']['passwd'] = null;
                        } else {
                            al_setcookie($user_login, md5($user_pwd));
                            update_last_login($user_login);
                            $login = true;
                        }
                    }
                }
            }
        } else {
            $user_cookie = al_getcookie();
            $user_login = $user_cookie['username'];
            $user_pwd = $user_cookie['password'];
            if (!empty($user_login) && !empty($user_pwd)) {
                $user_password = $this->Users->field('password', "username='$user_login' AND status='1'");
                if (!empty($user_password) && $user_pwd == md5($user_password)) {
                    $login = true;
                }
            } else {
                al_clearcookie();
            }
        }

        if ($login) {
            $redirect_url = apply_filters('login_redirect', $redirect_url);
            $this->redirect($redirect_url);
            exit();
        }

        if (!empty($error_notice)) {
            $this->set('tip_notice', null);
        }
        $this->set('error_notice', $error_notice);
    }

    function logout($status = null) {
        $this->layout = null;
        if (empty($status)) {
            al_clearcookie();
            $this->redirect('/login/logout/done');
        } else {
            $this->layout = 'login';
            $this->action = 'login';
            $logout_notice = null;
            if ($status == 'done') {
                $logout_notice = __('You are now logged out.');
            }
            $this->set('tip_notice', $logout_notice);
            $this->login();
        }
    }

    function lost_password() {
        $this->layout = 'login';
        $error_notice = null;
        $hide_input = false;
        $tip_notice = __('Please enter your username or e-mail address. You will receive a new password via e-mail.');
        if (!empty($this->data)) {
            if (empty($this->data['User']['login'])) {
                $error_notice = __('ERROR: Enter a username or e-mail address.');
            } else {
	            if (strstr($this->data['User']['login'], '@')) {
		            if (!preg_match('/[a-z]+[a-z0-9_]+@[a-z0-9]+[a-z0-9_]+\.[a-z]+/i', $this->data['User']['login'])) {
		                $error_notice = __('ERROR: The email address isn&#8217;t correct.');
		            } else {
		                $email = $this->data['User']['login'];
		                $user = $this->Users->find("email='$email'");
		                if (empty($user)) {
		                    $error_notice = __('ERROR: There is no user registered with that email.');
		                } else {
                            $tip_notice = __('Check your e-mail for the confirmation link.');
                            $hide_input = true;
		                }
		            }

	            } else {
		            $username = sanitize_user($this->data['User']['login']);
		            if (empty($username)) {
		                $error_notice = __('ERROR: Invalid username.');
		            } else {
		                $user = $this->Users->find("username='$username'");
		                if (empty($user)) {
		                    $error_notice = __('ERROR: There is no user registered with that username.');
		                } else {
                            $tip_notice = __('Check your e-mail for the confirmation link.');
                            $hide_input = true;
		                }
	                }
	            }
	        }
        }

        $this->set('hide_input', $hide_input);
        $this->set('tip_notice', $tip_notice);
        $this->set('error_notice', $error_notice);
    }
}
?>
